In my session, I shared two helpful tools: the risk-based approach wheel and risk-based translator. Each of these tools helps organizations effectively communicate and engage with employees in various departments, levels, and stages across the enterprise. Using a risk-based approach and engaging the entire business is especially important when we think about how the controls we have in place connect to known risks.
Connecting risks to mitigation activities is the first step in preventing risk management failures. To help further explain this I gave the following example. As I was going through airport security on my way to the conference, I brought along with me a bag of pocket-sized hand sanitizers to give out at the LogicManager booth. I was worried that this would violate the policy requiring liquids to be less than 3.4 ounces given that there were so many of them; however, when I asked the security personnel, I was informed this was allowed. Grateful I did not have to throw out 50+ hand sanitizers, I still found myself pondering the risk at hand. Although TSA was able to check off the box that the hand sanitizers were technically all under 3.4 oz, I still boarded the plane with well over this amount of liquid. What risks are the controls actually mitigating? With an effective risk management program, TSA could map this risk to an appropriate control so that it becomes clear what they are trying to prevent and avoid a potential disaster.
Implementing a risk management program is essential, and soon you will become the superhero of your organization. How do you get the board’s buy-in for continued support? It’s simple. When presenting ERM to the board, keep it short, and colorful. C-level executives do not have the time to go through the ins and outs of every department. Fortunately, all you need to communicate with your executives are dashboards that aggregate data across the enterprise into concise reports. With new technologies and increasing amounts of data and partnerships, risks are inevitable. An enterprise risk management system can help. Proactively manage your risks by connecting them to the appropriate mitigation activities and internal controls across the enterprise. Ultimately, ERM helps identify controls in a fast-moving environment to make sure the right people with the right knowledge are making key risk-reward account decisions. With a proactive and engaging ERM strategy in place, you’ll be able to avoid any corporate disasters. Lastly, play up to the advantages of the See-Through Economy to showcase satisfied customers and highlight the risks you are properly mitigating at your organization.